...
- override usernames in roles/housekeeping/defaults/main.yml
- determine / document how to write and execute a one-off ansible script
- determine / document which variables to change for creating staging, as opposed to production, and how to do this.
- I would recommend logging into the console and adding EC2 tags to differentiate your staging from your production instances.
- Investigate using an Elastic IP for your production instance, so you can keep your DNS settings (oursite.chemheritage.com points to 111.22.3333.44) when you switch out the instance that’s serving as production.
- add add'l keys for ubuntu user
- Note: do this with a small script, with an ssh connection open to the instance. test the new connection before closing the open one. This will ensure you don't get locked out.
- delete all instances (but keep backups)
- create virtual hosts stanza for 443
- generate self-signed cert, store it in ansible-vault, manage it via ansible
- check log rotation for tomcat, solr.
- set up log rotation for application logs.
- Lock down web access to aws machines (via security profile)
- determine central storage location for keys / passwords
- Look into the setting on Volumes to delete on terminate. Although there may be cases where that is not what we want?
- Instance type (m3.medium) is probably a little small. Look at the other options and consider bumping up.
- create google doc from alicia's report, integrate these notes into that!
Executing the scripts
# ansible config contains private data encrypted using ansible-vault; ask anna for the password
...